CVE-2007-0471 - OpenCVE

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkpoint	Connectra Ngx

Configuration 1 [-]

cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html
http://osvdb.org/31655
http://secunia.com/advisories/23847
http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472
http://securityreason.com/securityalert/2179
http://securitytracker.com/id?1017559
http://securitytracker.com/id?1017560
http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf
http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html
http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html
http://www.securityfocus.com/archive/1/457621/100/0/threaded
http://www.securityfocus.com/archive/1/457683/100/0/threaded
http://www.vupen.com/english/advisories/2007/0276
https://exchange.xforce.ibmcloud.com/vulnerabilities/31646

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-24T01:00:00

Updated: 2024-08-07T12:19:30.159Z

Reserved: 2007-01-23T00:00:00

Link: CVE-2007-0471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-24T01:28:00.000

Modified: 2018-10-16T16:32:56.277

Link: CVE-2007-0471

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017559", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017559"}, {"name": "20070122 Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"}, {"name": "20070122 Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"}, {"name": "2179", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2179"}, {"name": "23847", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23847"}, {"name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"}, {"name": "checkpoint-params-security-bypass(31646)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"}, {"tags": ["x_refsource_MISC"], "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"}, {"name": "31655", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31655"}, {"name": "1017560", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017560"}, {"tags": ["x_refsource_MISC"], "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"}, {"name": "ADV-2007-0276", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0276"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0471", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017559", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017559"}, {"name": "20070122 Check Point Connectra End Point security bypass", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"}, {"name": "20070122 Check Point Connectra End Point security bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"}, {"name": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html", "refsource": "CONFIRM", "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"}, {"name": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html", "refsource": "MISC", "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"}, {"name": "2179", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2179"}, {"name": "23847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23847"}, {"name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"}, {"name": "checkpoint-params-security-bypass(31646)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"}, {"name": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472", "refsource": "MISC", "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"}, {"name": "31655", "refsource": "OSVDB", "url": "http://osvdb.org/31655"}, {"name": "1017560", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017560"}, {"name": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf", "refsource": "MISC", "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"}, {"name": "ADV-2007-0276", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0276"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:19:30.159Z"}, "title": "CVE Program Container", "references": [{"name": "1017559", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017559"}, {"name": "20070122 Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"}, {"name": "20070122 Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"}, {"name": "2179", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2179"}, {"name": "23847", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23847"}, {"name": "20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"}, {"name": "checkpoint-params-security-bypass(31646)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"}, {"name": "31655", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/31655"}, {"name": "1017560", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017560"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"}, {"name": "ADV-2007-0276", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0276"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0471", "datePublished": "2007-01-24T01:00:00", "dateReserved": "2007-01-23T00:00:00", "dateUpdated": "2024-08-07T12:19:30.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8BC4A4B-B251-4D50-854C-C07E88EAC665", "versionEndIncluding": "r62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token."}, {"lang": "es", "value": "El archivo sre/params.php en el componente Integrity Clientless Security (ICS) en Check Point Connectra NGX R62 versi\u00f3n 3.x y anteriores a Security Hotfix versi\u00f3n 5, y posiblemente VPN-1 NGX R62, permite a los atacantes remotos omitir los requisitos de seguridad por medio de un par\u00e1metro Report creado, que devuelve un token de autenticaci\u00f3n ICSCookie v\u00e1lido."}], "id": "CVE-2007-0471", "lastModified": "2018-10-16T16:32:56.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-24T01:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/31655"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23847"}, {"source": "cve@mitre.org", "url": "http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2179"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017559"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017560"}, {"source": "cve@mitre.org", "url": "http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf"}, {"source": "cve@mitre.org", "url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"}, {"source": "cve@mitre.org", "url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0276"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}